For years now, we have watched, almost powerless, the rise and proliferation of ransomware.
Ransomware literally has the wind in its sails.
The hackers behind this kind of malware seem more determined than ever. Indeed, they seem to have found a way to make the maximum amount of money, so why not? As a result, organizations suffer, businesses especially. Public authorities are not spared either, and hospitals can be favored victims. Recently, several communities in France have been among the many victims of ransomware operators.
"I was notified at 03:30 in the morning, when the on-call staff told me that there was no more telephone service," the head of computer security in Marseille, Jérôme Poggi, said recently. When the IT staff were actually able to set foot on site, specifically in the city of Marseille's two data centers, "the 'visitors' (meaning the hackers) were still in the city's network and not all of their payloads had been triggered yet," he reported during his talk at a conference bringing together several computer security specialists. One of the emergency actions to take in this case was to stop all machines and shut down the network to prevent the virus from spreading even further.
"At the time of the first damage (…) we don't know if the virus is still spreading in the company's network, or if it's already over," notes an Orange Cyber Defence cyber-firefighter, Robinson Delaugerre.
Orange's cyber defence subsidiary specializes in emergency response to support and assist public and private organizations that have been hit hard by computer attacks.
After stopping all the machines and shutting down the network, the next step is for the IT staff to look for what may have caused the infection. At the same time, the organization's management must set up a crisis cell to respond to the situations that arise, in a context where there may no longer be a working phone or computer.
"We're talking about the 3X3 rule," says Gérôme Billois, a partner at Wavestone, a consulting firm that also works in incident response, with cyber-firefighting teams ready to act on demand. "There are three days of astonishment, where everyone runs everywhere and consumes a crazy amount of energy…" he explains.
"Then three weeks of crisis management," during which a company can operate with only "paper and pencils" and "10, 15, 20%" of its IT activity, restarted once the network has been cleaned of the virus, adds the expert.
Even with nearly 1,500 fully reset computers, it often takes up to 3 months before the company can function properly again, with all machines fully cleaned and all applications working.
"We had to format 1,500 computers and reset 250 servers," explains Arnaud Mabire, vice-president of the Evreux Portes de Normandie agglomeration community, which was also hit by ransomware in December. He said it took his organization almost a month and a half to get back to normal operations in a community with a population of nearly 100,000. According to his account, the first days of the crisis were really hard for the IT staff, the employees, and those directly affected.
"I remember cases where we asked people to leave the crisis cell, because they ended up doing just anything under the weight of fatigue," notes Gérôme Billois.
But what about the ransom?
Unfortunately, it is clear that many business leaders do not really follow the instruction not to pay, for a variety of reasons. "When you're a business manager, all your backups are also encrypted, you have projects to deliver, and you've managed to bring the ransom down from 400,000 to 20,000 euros, it's hard not to pay," says a cybersecurity expert.